For additional information, refer to these resources:
■ Cisco Systems, Inc., Configuring Port Security: http://cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008019d0de.html
■ Cisco Systems, Inc., SAFE Layer 2 Security In-depth Version 2: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008014870f.shtml
■ Cisco Systems, Inc., Configuring 802.1X Port-Based Authentication: http://www.cisco.com/en/US/partner/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84b9.html
■ Cisco Systems, Inc., VLAN Security White Paper: http://cisco.com/en/US/partner/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
■ Cisco Systems, Inc., Configuring Private VLANs (4500 series): http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/pvlans.htm
■ Cisco Systems, Inc., Understanding and Configuring DHCP Snooping: http://cisco.com/en/US/partner/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800dde9f.html#30724
■ Cisco Systems, Inc., Configuring DAI (4500): http://cisco.com/en/US/partner/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008019d0ca.html
8-98 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 © 2006 Cisco Systems, Inc.
Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Module Self-Check Answer Key.
Q1) Which feature supported on Cisco Catalyst switches restricts a switch port to a specific set or number of MAC addresses? (Source: Understanding Switch Security Issues)
A) port security
B) DHCP snooping
Q2) What is one best practice to mitigate VLAN hopping? (Source: Protecting Against VLAN Attacks)
A) configure all unused ports as trunks
B) shut down all unused ports
C) set trunks to "negotiate" and not "on"
D) set the interface speed to 10 Mbps
Q3) What are three ways to protect against spoofing attacks? (Source: Protecting Against Spoof Attacks)
Q4) Which two options are valid for improving STP security? (Choose two.) (Source: Describing STP Security Mechanisms)
A) BPDU guard
B) MAC filtering
C) root guard
Q5) Which two features apply to loop guard? (Choose two.) (Source: Preventing STP Forwarding Loops)
A) It allows a blocked port in a physically redundant topology to stop receiving BPDUs.
B) It provides additional protection against Layer 2 STP loops.
C) It moves ports into the STP loop-inconsistent state if BPDUs are not received on a nondesignated port.
D) It enables the blocking port to move to a forwarding state.
Q6) To provide secure, strong authentication and secure communications over insecure channels, instead of Telnet use _____. (Source: Securing Network Switches)
© 2006 Cisco Systems, Inc. Minimizing Service Loss and Data Theft in a Campus Network 8-99